npm · Malicious package advisory
Malwareintl-ads
MAL-2026-4587
Malicious code in intl-ads (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (c7e29be11c53c137c2a24258ae423cf422fefcaad06183d67aa5c895a8fe4801) On `npm install`, the package's `scripts.preinstall` runs poc.js which collects hostname, username, full network configuration (ipconfig/ip a/resolv.conf), `id`/`whoami /all`, git remote, parent package.json, and CI configuration files (.gitlab-ci.yml,.github/workflows, Jenkinsfile, azure-pipelines.yml). It then iterates `process.env` and harvests any variable whose name contains AWS, AZURE, GITHUB, GITLAB, JENKINS, NPM, TOKEN, CI, BUILD, etc. — capturing values, not just names — and POSTs the JSON payload to `d8a5d9pon5bugoc35cngp9hcregcqyezu.oast.me` over HTTPS, with a DNS callback as a secondary channel. The package self-describes as authorized bug-bounty research targeting Walmart's private namespace via dependency confusion, but the public npm registry has no scope restriction: any developer or CI system that resolves this name will execute the recon and leak credentials. The OAST destination is an Interactsh collector, not a Walmart-owned endpoint, so harvested data leaves any authorized scope. Concrete installer harm: AWS/Azure/GitHub/GitLab/npm tokens present in CI environment are exfiltrated; host fingerprinting enables follow-on attacks.
Compromised versions (3)
- 99.0.1
- 99.0.0
- 99.0.2
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.